Info Security Sr Analyst - TS/SCI Req'd
The Information Assurance Engineer will conduct assessments of existing IT architecture for compliance with security requirements from applicable security frameworks, such as FISMA, ISO 27001, etc., and utilize all DHS automated tool sets. He/she will also ensure that the ISSOs have the necessary information throughout the lifecycle of each system. More specific responsibilities and tasks expected of this individual include:
- Create documentation to support information system authorization/accreditation packages.
- Be required to develop technical security documentation, including items needed to develop a complete System Security Plan (SSP).
- Provide continuous monitoring support utilizing tools for information systems.
- Develop IT architecture deliverables, specific to information security countermeasure implementations, for operational systems and systems under development.
- Develop IT security policies, standards, and guidance.
- Ensuring artifact quality control of Security Assessment and Authorization (formerly Certification and Accreditation or C&A) documentation.
- Validating all information system security reporting.
- Overseeing the Plan of Action and Milestones (POA&M) process for assigned systems.
- Reviewing and monitoring POA&Ms for each IT system.
- Ensuring timely POA&M updates to the XACTA database.
- Ensuring that the Xacta automated tool is utilized for conducting security assessment and authorization evaluations, and for reporting required IT security program status information.
- Ensuring DHS encryption policy is implemented and enforced.
- Advising project managers on the implementation of DHS encryption standards.
- Must possess one of the following current certifications: CISSP OR CASP
- Strong knowledge of the NIST 800-37 and other Risk Management Frameworks (DIACAP).
- Extensive knowledge of the C&A process within the NIST Risk Management Framework and experience reviewing, advising, and processing and maintaining A&A Packages throughout the lifecycle of the system.
- Knowledge and experience reporting Information Assurance Vulnerabilities Messages (ISVMs) in compliance with Federal Guidelines.
- Demonstrate competency in the use of DHS automated tool sets, including Xacta.
- Exceptionally good written and oral communication skills.
- Good interpersonal and consulting-type skills.
- Desirable skills: scripting in Perl, SQL, Java, Unix/Linux.